Cosmocloud Build Documentation
AWS Cognito

This page shows how to generate access keys and find the JWKS URI for AWS Cognito.

AWS Cognito provides two main components: User Pools and Identity Pools. User Pools are user directories that provide sign-up and sign-in options for app users. Identity Pools, on the other hand, grant AWS credentials to users so they can access other AWS services.

Steps to Generate Access Keys with AWS Cognito:

Create a User Pool:

  • Go to the AWS Management Console.

  • Navigate to the Cognito service.

  • Click on “Manage User Pools” and then “Create a User Pool”.

  • Name your user pool and configure the required options such as attributes and policies.

Create an App Client:

  • Within the user pool dashboard, select “App clients” under the General settings.

  • Click “Add an app client”, provide a name, and configure settings. Ensure you uncheck “Generate client secret” if your client is public (such as a mobile or frontend application).

  • Save the app client to generate an App Client ID.

Configure App Client Settings:

  • In the App client settings under the App integration section, configure the authentication providers and callback URLs for your application.

Create an Identity Pool:

  • Go back to the main page of the Cognito service.

  • Select “Manage Identity Pools” and create a new identity pool.

  • Give your identity pool a name and check “Enable access to unauthenticated identities” if you want to allow unauthenticated access.

  • Associate the identity pool with your user pool by selecting the Cognito User Pool as the authentication provider and inputting the User Pool ID and App Client ID.

Obtain AWS Credentials:

  • Once the identity pool is created, it will provide you with an Identity Pool ID.

  • Configure roles in IAM (Identity and Access Management) for authenticated and unauthenticated users, which define permissions for accessing AWS services.

  • AWS credentials (Access Key ID and Secret Access Key) are then automatically managed by Cognito, and users authenticated by Cognito can obtain temporary AWS credentials via the identity pool.

Using the Keys

When a user logs in via Cognito, AWS Cognito handles the generation and renewal of these temporary AWS credentials, which the application can then use to access other AWS services on behalf of the user. You just have to add the access key to your auth secret in Cosmocloud!

Getting JWKS URI

Getting a JWKS (JSON Web Key Set) URI from AWS Cognito is a straightforward process that mostly involves setting up a Cognito User Pool. AWS Cognito automatically creates a JWKS URI for each User Pool; the document at that URI contains the public keys used to verify the signatures of the tokens issued by Cognito.

Follow the same first step ("Create a User Pool") above to create a user pool.

Once your User Pool is set up:

  • Go to the User Pool you have created.

  • Navigate to the App integration section and then click on App client settings.

  • In the App client settings, you’ll find a section or note about the identity providers being used and their associated URLs. Here, AWS provides the domain linked to your User Pool.

If your User Pool ID is us-east-1_abcdef, and your AWS region is us-east-1, then your JWKS URI will be:

https://cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdef/.well-known/jwks.json

This URI provides a JSON document containing the public keys that your client applications or servers can use to verify the signatures of JSON Web Tokens (JWTs) provided by AWS Cognito as part of the authentication process. These keys rotate periodically as AWS updates them, and your applications should always retrieve the JWKS dynamically to ensure verification against the current key set.
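The JWKS lookup and key rotation described above, as an added example (not Cosmocloud's or AWS's code): a verifier that builds the JWKS URI from region and User Pool ID, refetches the key set when a token carries an unknown `kid`, and checks the RS256 signature, issuer and expiry. Assumptions: the `fetch` callable, the class and helper names, and the constructed toy RSA key that stands in for a Cognito signing key so the example runs offline.

```python
import base64, hashlib, json

# DER DigestInfo prefix for SHA-256 in RSASSA-PKCS1-v1_5 (RFC 8017)
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def pad(msg, k):
    # EMSA-PKCS1-v1_5 encoding of SHA-256(msg) for a k-byte modulus
    t = PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

class CognitoVerifier:
    def __init__(self, region, pool_id, fetch):
        self.issuer = f"https://cognito-idp.{region}.amazonaws.com/{pool_id}"
        self.uri = self.issuer + "/.well-known/jwks.json"
        self.fetch, self.keys = fetch, {}   # fetch(uri) -> parsed JWKS dict (assumed)

    def verify(self, token, now):
        h64, p64, s64 = token.split(".")
        header = json.loads(b64d(h64))
        if header.get("alg") != "RS256":    # pin the algorithm, ignore the token's choice
            raise ValueError("unexpected alg")
        kid = header.get("kid")
        if kid not in self.keys:            # unknown kid: keys may have rotated, refetch
            self.keys = {k["kid"]: k for k in self.fetch(self.uri)["keys"]}
        if kid not in self.keys:
            raise ValueError("unknown kid")
        n = int.from_bytes(b64d(self.keys[kid]["n"]), "big")
        e = int.from_bytes(b64d(self.keys[kid]["e"]), "big")
        k = (n.bit_length() + 7) // 8
        sig = int.from_bytes(b64d(s64), "big")
        if sig >= n or pow(sig, e, n).to_bytes(k, "big") != pad(f"{h64}.{p64}".encode(), k):
            raise ValueError("bad signature")
        claims = json.loads(b64d(p64))
        if claims.get("iss") != self.issuer or claims.get("exp", 0) <= now:
            raise ValueError("wrong issuer or expired")
        return claims

# Constructed test key (two Mersenne primes, NOT secure), standing in for Cognito's key
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def sign(claims, kid):
    # Test-only signer so the verifier can be exercised without a real Cognito token
    msg = b64e(json.dumps({"alg": "RS256", "kid": kid}).encode()) + "." + b64e(json.dumps(claims).encode())
    k = (N.bit_length() + 7) // 8
    return msg + "." + b64e(pow(int.from_bytes(pad(msg.encode(), k), "big"), D, N).to_bytes(k, "big"))
```

In a real service, use a maintained JWT library for the signature check and also validate `token_use` and `aud` (ID token) or `client_id` (access token) against your App Client ID. Rate-limit refetches so tokens with random `kid` values cannot force repeated JWKS downloads.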